static void Main(string[] args) { bool is_verbose = false; bool show_help = false; CLRPH_DEMANGLER demangler_name = CLRPH_DEMANGLER.Default; OptionSet opts = new OptionSet() { { "v|verbose", "redirect debug traces to console", v => is_verbose = v != null }, { "h|help", "show this message and exit", v => show_help = v != null }, { "d=|demangler=", "Choose demangler name", v => demangler_name = ParseDemanglerName(v) }, }; List <string> eps = opts.Parse(args); if (show_help) { ShowHelp(opts); return; } if (is_verbose) { // Redirect debug log to the console Debug.Listeners.Add(new TextWriterTraceListener(Console.Out)); Debug.AutoFlush = true; } // always the first call to make Phlib.InitializePhLib(); Demangler demangler; switch (args.Length) { case 0: demangler = new Demangler(CLRPH_DEMANGLER.Microsoft); TestKnownInputs(demangler); break; default: case 1: demangler = new Demangler(demangler_name); string Filepath = args[1]; if (NativeFile.Exists(Filepath)) { TestFilepath(Filepath, demangler); } else { string undecoratedName = demangler.UndecorateName(args[1]).Item2; Console.WriteLine(undecoratedName); } break; } // Force flushing out buffer Console.Out.Flush(); }
public void InitializeView() { if (!NativeFile.Exists(this.Filename)) { MessageBox.Show( String.Format("{0:s} is not present on the disk", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.Pe = (Application.Current as App).LoadBinary(this.Filename); if (this.Pe == null || !this.Pe.LoadSuccessful) { MessageBox.Show( String.Format("{0:s} is not a valid PE-COFF file", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.SymPrv = new PhSymbolProvider(); this.RootFolder = Path.GetDirectoryName(this.Filename); this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe); this.ProcessedModulesCache = new ModulesCache(); this.ApiSetmapCache = Phlib.GetApiSetSchema(); this._SelectedModule = null; this._DisplayWarning = false; // TODO : Find a way to properly bind commands instead of using this hack this.ModulesList.Items.Clear(); this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree; this.ModulesList.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand; var RootFilename = Path.GetFileName(this.Filename); var RootModule = new DisplayModuleInfo(RootFilename, this.Pe, ModuleSearchStrategy.ROOT); this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, this.Filename), RootModule); ModuleTreeViewItem treeNode = new ModuleTreeViewItem(); DependencyNodeContext childTreeInfoContext = new DependencyNodeContext() { ModuleInfo = new WeakReference(RootModule), IsDummy = false }; treeNode.DataContext = childTreeInfoContext; treeNode.Header = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath); treeNode.IsExpanded = true; this.DllTreeView.Items.Clear(); this.DllTreeView.Items.Add(treeNode); // Recursively construct tree of dll imports ConstructDependencyTree(treeNode, this.Pe); }
void App_Startup(object sender, StartupEventArgs e) { Phlib.InitializePhLib(); BinaryCache.Instance.Load(); MainWindow mainWindow = new MainWindow(); mainWindow.IsMaster = true; switch (Phlib.GetClrPhArch()) { case CLRPH_ARCH.x86: mainWindow.Title = "Dependencies (x86)"; break; case CLRPH_ARCH.x64: mainWindow.Title = "Dependencies (x64)"; break; case CLRPH_ARCH.WOW64: mainWindow.Title = "Dependencies (WoW64)"; break; } mainWindow.Show(); // Process command line args if (e.Args.Length > 0) { mainWindow.OpenNewDependencyWindow(e.Args[0]); } }
public NativeDepend() { if (!_PhInited) { Phlib.InitializePhLib(); _PhInited = true; } }
/// <summary> /// Initial from a PE File /// </summary> /// <param name="file">The file name</param> public NativeDepend(string file) { filename = file; if (!_PhInited) { Phlib.InitializePhLib(); _PhInited = true; } }
/// <summary> /// Initialize the class from a PE file /// </summary> /// <param name="file"></param> public void Init(string file) { if (!File.Exists(file)) { throw new FileNotFoundException(); } filename = file; localPE = new PE(file); SxsEntriesCache = SxsManifest.GetSxsEntries(localPE); ApiSetmapCache = Phlib.GetApiSetSchema(); }
void App_Startup(object sender, StartupEventArgs e) { (Application.Current as App).PropertyChanged += App_PropertyChanged; Phlib.InitializePhLib(); // Load singleton for binary caching if (Dependencies.BinaryCacheOption.GetGlobalBehaviour() == Dependencies.BinaryCacheOption.BinaryCacheOptionValue.Yes) { string ApplicationLocalAppDataPath = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Dependencies" ); BinaryCache.Instance = new BinaryCacheImpl(ApplicationLocalAppDataPath, 200); } else { BinaryCache.Instance = new BinaryNoCacheImpl(); } BinaryCache.Instance.Load(); // https://www.red-gate.com/simple-talk/blogs/wpf-menu-displays-to-the-left-of-the-window/ SetDropDownMenuToBeRightAligned(); mainWindow = new MainWindow(); mainWindow.IsMaster = true; switch (Phlib.GetClrPhArch()) { case CLRPH_ARCH.x86: mainWindow.Title = "Dependencies (x86)"; break; case CLRPH_ARCH.x64: mainWindow.Title = "Dependencies (x64)"; break; case CLRPH_ARCH.WOW64: mainWindow.Title = "Dependencies (WoW64)"; break; } mainWindow.Show(); // Process command line args if (e.Args.Length > 0) { mainWindow.OpenNewDependencyWindow(e.Args[0]); } }
static void Main(string[] args) { // always the first call to make Phlib.InitializePhLib(); int recursion_depth = 0; bool early_exit = false; bool show_help = false; bool export_as_json = false; DumpCommand command = null; OptionSet opts = new OptionSet() { { "h|help", "show this message and exit", v => show_help = v != null }, { "json", "Export results in json format", v => export_as_json = v != null }, { "d|depth=", "limit recursion depth when analyisng loaded modules or dependency chain. Default value is infinite", (int v) => recursion_depth = v }, { "knowndll", "List all known dlls", v => { DumpKnownDlls(GetObjectPrinter(export_as_json)); early_exit = true; } }, { "apisets", "List apisets redirections", v => { DumpApiSets(GetObjectPrinter(export_as_json)); early_exit = true; } }, { "apisetsdll", "List apisets redirections from apisetschema.dll", v => command = DumpApiSets }, { "manifest", "show manifest information embedded in PE file", v => command = DumpManifest }, { "sxsentries", "dump all of FILE's sxs dependencies", v => command = DumpSxsEntries }, { "imports", "dump FILE imports", v => command = DumpImports }, { "exports", "dump FILE exports", v => command = DumpExports }, { "chain", "dump FILE whole dependency chain", v => command = DumpDependencyChain }, { "modules", "dump FILE resolved modules", v => command = DumpModules }, }; List <string> eps = opts.Parse(args); if (early_exit) { return; } if ((show_help) || (args.Length == 0) || (command == null)) { DumpUsage(); return; } String FileName = eps[0]; //Console.WriteLine("[-] Loading file {0:s} ", FileName); PE Pe = new PE(FileName); if (!Pe.Load()) { Console.Error.WriteLine("[x] Could not load file {0:s} as a PE", FileName); return; } command(Pe, GetObjectPrinter(export_as_json), recursion_depth); }
public static void DumpApiSets() { VerboseWriteLine("[-] Api Sets Map : "); foreach (var ApiSetEntry in Phlib.GetApiSetSchema()) { ApiSetTarget ApiSetImpl = ApiSetEntry.Value; string ApiSetName = ApiSetEntry.Key; string ApiSetImplStr = (ApiSetImpl.Count > 0) ? String.Join(",", ApiSetImpl.ToArray()) : ""; Console.WriteLine("{0:s} -> [ {1:s} ]", ApiSetName, ApiSetImplStr); } VerboseWriteLine(""); }
public MainWindow() { Phlib.InitializePhLib(); InitializeComponent(); PopulateRecentFilesMenuItems(true); this.AboutPage = new About(); this.UserSettings = new UserSettings(); // TODO : understand how to reliably bind in xaml this.TabControl.InterTabController.InterTabClient = DoNothingInterTabClient; this._Master = false; }
public DependencyWindow(String FileName) { InitializeComponent(); this.Filename = FileName; this.Pe = new PE(FileName); if (!this.Pe.LoadSuccessful) { MessageBox.Show( String.Format("{0:s} is not a valid PE-COFF file", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.SymPrv = new PhSymbolProvider(); this.RootFolder = Path.GetDirectoryName(FileName); this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe); this.ProcessedModulesCache = new ModulesCache(); this.ApiSetmapCache = Phlib.GetApiSetSchema(); // TODO : Find a way to properly bind commands instead of using this hack this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree; var RootFilename = Path.GetFileName(FileName); var RootModule = new DisplayModuleInfo(RootFilename, this.Pe); this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, FileName), RootModule); ModuleTreeViewItem treeNode = new ModuleTreeViewItem(); DependencyNodeContext childTreeInfoContext = new DependencyNodeContext() { ModuleInfo = new WeakReference(RootModule), IsDummy = false }; treeNode.DataContext = childTreeInfoContext; treeNode.Header = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath); treeNode.IsExpanded = true; this.DllTreeView.Items.Add(treeNode); // Recursively construct tree of dll imports ConstructDependencyTree(treeNode, this.Pe); }
void App_Startup(object sender, StartupEventArgs e) { Phlib.InitializePhLib(); BinaryCache.Instance.Load(); MainWindow mainWindow = new MainWindow(); mainWindow.IsMaster = true; mainWindow.Show(); // Process command line args if (e.Args.Length > 0) { mainWindow.OpenNewDependencyWindow(e.Args[0]); } }
static void Main(string[] args) { bool is_verbose = false; bool show_help = false; OptionSet opts = new OptionSet() { { "v|verbose", "redirect debug traces to console", v => is_verbose = v != null }, { "h|help", "show this message and exit", v => show_help = v != null }, }; List <string> eps = opts.Parse(args); if (show_help) { ShowHelp(opts); return; } if (is_verbose) { // Redirect debug log to the console Debug.Listeners.Add(new TextWriterTraceListener(Console.Out)); Debug.AutoFlush = true; } // always the first call to make Phlib.InitializePhLib(); BinaryCache.Instance.Load(); foreach (var peFilePath in eps) { PE Pe = BinaryCache.LoadPe(peFilePath); Console.WriteLine("Loaded PE file : {0:s}", Pe.Filepath); } BinaryCache.Instance.Unload(); }
public void Load() { // "warm up" the cache foreach (var CachedBinary in Directory.EnumerateFiles(BinaryCacheFolderPath)) { GetBinary(CachedBinary); } string System32Folder = Environment.GetFolderPath(Environment.SpecialFolder.System); string SysWow64Folder = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86); // preload all well konwn dlls foreach (String KnownDll in Phlib.GetKnownDlls(false)) { GetBinary(Path.Combine(System32Folder, KnownDll)); } foreach (String KnownDll in Phlib.GetKnownDlls(true)) { GetBinary(Path.Combine(SysWow64Folder, KnownDll)); } }
static void Main(string[] args) { // always the first call to make Phlib.InitializePhLib(); Demangler demangler; switch (args.Length) { case 0: demangler = new Demangler("Microsoft"); TestKnownInputs(demangler); break; case 1: demangler = new Demangler(); TestFilepath(args[0], demangler); break; default: case 2: string demanglerName = args[0].TrimStart(new char[] { '-' }); string Filepath = args[1]; demangler = new Demangler(demanglerName); if (NativeFile.Exists(Filepath)) { TestFilepath(Filepath, demangler); } else { Console.WriteLine(demangler.UndecorateName(args[1])); } break; } }
public static void DumpKnownDlls() { VerboseWriteLine("[-] 64-bit KnownDlls : "); foreach (String KnownDll in Phlib.GetKnownDlls(false)) { string System32Folder = Environment.GetFolderPath(Environment.SpecialFolder.System); Console.WriteLine(" {0:s}\\{1:s}", System32Folder, KnownDll); } VerboseWriteLine(""); VerboseWriteLine("[-] 32-bit KnownDlls : "); foreach (String KnownDll in Phlib.GetKnownDlls(true)) { string SysWow64Folder = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86); Console.WriteLine(" {0:s}\\{1:s}", SysWow64Folder, KnownDll); } VerboseWriteLine(""); }
public void Load() { // "warm up" the cache foreach (var CachedBinary in Directory.EnumerateFiles(BinaryCacheFolderPath)) { GetBinaryAsync(CachedBinary); } string System32Folder = Environment.GetFolderPath(Environment.SpecialFolder.System); string SysWow64Folder = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86); // wow64.dll, wow64cpu.dll and wow64win.dll are listed as wow64 known dlls, // but they are actually x64 binaries. List <String> Wow64Dlls = new List <string>(new string[] { "wow64.dll", "wow64cpu.dll", "wow64win.dll" }); // preload all well konwn dlls foreach (String KnownDll in Phlib.GetKnownDlls(false)) { GetBinaryAsync(Path.Combine(System32Folder, KnownDll)); } foreach (String KnownDll in Phlib.GetKnownDlls(true)) { if (Wow64Dlls.Contains(KnownDll)) { GetBinaryAsync(Path.Combine(System32Folder, KnownDll)); } else { GetBinaryAsync(Path.Combine(SysWow64Folder, KnownDll)); } } }
public NtKnownDlls() { x64 = Phlib.GetKnownDlls(false); x86 = Phlib.GetKnownDlls(true); }
// default search order : // https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx // // if (SafeDllSearchMode) { // -1. Sxs manifests // 0. KnownDlls list // 1. Loaded PE folder // 2. C:\Windows\(System32 | SysWow64 ) // 3. 16-bit system directory <-- ignored // 4. C:\Windows // 5. %pwd% // 6. AppDatas // } public static Tuple <ModuleSearchStrategy, string> FindPeFromDefault(PE RootPe, string ModuleName, SxsEntries SxsCache) { bool Wow64Dll = RootPe.IsWow64Dll(); string RootPeFolder = Path.GetDirectoryName(RootPe.Filepath); string FoundPePath = null; Environment.SpecialFolder WindowsSystemFolder = (Wow64Dll) ? Environment.SpecialFolder.SystemX86 : Environment.SpecialFolder.System; String WindowsSystemFolderPath = Environment.GetFolderPath(WindowsSystemFolder); // -1. Look in Sxs manifest (copious reversing needed) // TODO : find dll search order if (SxsCache.Count != 0) { SxsEntry Entry = SxsCache.Find(SxsItem => string.Equals(SxsItem.Name, ModuleName, StringComparison.OrdinalIgnoreCase) ); if (Entry != null) { return(new Tuple <ModuleSearchStrategy, string>(ModuleSearchStrategy.SxS, Entry.Path)); } } // 0. Look in well-known dlls list // HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs // https://blogs.msdn.microsoft.com/larryosterman/2004/07/19/what-are-known-dlls-anyway/ String KnownDll = Phlib.GetKnownDlls(Wow64Dll).Find(x => string.Equals(x, ModuleName, StringComparison.OrdinalIgnoreCase)); if (KnownDll != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.WellKnownDlls, Path.Combine(WindowsSystemFolderPath, KnownDll) )); } // 1. Look in application folder FoundPePath = FindPeFromPath(ModuleName, new List <string>(new string[] { RootPeFolder }), Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.ApplicationDirectory, FoundPePath )); } // {2-3-4}. Look in system folders List <String> SystemFolders = new List <string>(new string[] { WindowsSystemFolderPath, Environment.GetFolderPath(Environment.SpecialFolder.Windows) } ); FoundPePath = FindPeFromPath(ModuleName, SystemFolders, Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.WindowsFolder, FoundPePath )); } // 5. Look in current directory // Ignored for the time being since we can't know from // where the exe is run // TODO : Add a user supplied path emulating %cwd% // 6. Look in local app data (check for python for exemple) // 7. Find in PATH string PATH = Environment.GetEnvironmentVariable("PATH"); List <String> PATHFolders = new List <string>(PATH.Split(';')); FoundPePath = FindPeFromPath(ModuleName, PATHFolders, Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.Environment, FoundPePath )); } return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.NOT_FOUND, null )); }
static void Main(string[] args) { String FileName = null; var ProgramArgs = ParseArgs(args); Action <IPrettyPrintable> ObjectPrinter = PrettyPrinter; // always the first call to make Phlib.InitializePhLib(); if (ProgramArgs.ContainsKey("file")) { FileName = ProgramArgs["file"]; } if (ProgramArgs.ContainsKey("-json")) { ObjectPrinter = JsonPrinter; } // no need to load PE for those commands if ((args.Length == 0) || ProgramArgs.ContainsKey("-h") || ProgramArgs.ContainsKey("-help")) { DumpUsage(); return; } if (ProgramArgs.ContainsKey("-knowndll")) { DumpKnownDlls(ObjectPrinter); return; } if (ProgramArgs.ContainsKey("-apisets")) { DumpApiSets(ObjectPrinter); return; } //Console.WriteLine("[-] Loading file {0:s} ", FileName); PE Pe = new PE(FileName); if (!Pe.Load()) { Console.Error.WriteLine("[x] Could not load file {0:s} as a PE", FileName); return; } if (ProgramArgs.ContainsKey("-manifest")) { DumpManifest(Pe, ObjectPrinter); } else if (ProgramArgs.ContainsKey("-sxsentries")) { DumpSxsEntries(Pe, ObjectPrinter); } else if (ProgramArgs.ContainsKey("-imports")) { DumpImports(Pe, ObjectPrinter); } else if (ProgramArgs.ContainsKey("-exports")) { DumpExports(Pe, ObjectPrinter); } else if (ProgramArgs.ContainsKey("-chain")) { DumpDependencyChain(Pe, ObjectPrinter); } else if (ProgramArgs.ContainsKey("-modules")) { DumpModules(Pe, ObjectPrinter); } }
static void Main(string[] args) { Phlib.InitializePhLib(); var ProgramArgs = ParseArgs(args); String FileName = null; if (ProgramArgs.ContainsKey("file")) { FileName = ProgramArgs["file"]; } if (ProgramArgs.ContainsKey("-verbose")) { VerboseOutput = true; } // no need to load PE for those commands if ((args.Length == 0) || ProgramArgs.ContainsKey("-h") || ProgramArgs.ContainsKey("-help")) { DumpUsage(); return; } if (ProgramArgs.ContainsKey("-knowndll")) { DumpKnownDlls(); return; } if (ProgramArgs.ContainsKey("-apisets")) { DumpApiSets(); return; } VerboseWriteLine("[-] Loading file {0:s} ", FileName); PE Pe = new PE(FileName); if (!Pe.LoadSuccessful) { Console.Error.WriteLine("[x] Could not load file {0:s} as a PE", FileName); return; } if (ProgramArgs.ContainsKey("-manifest")) { DumpManifest(Pe); } if (ProgramArgs.ContainsKey("-sxsentries")) { DumpSxsEntries(Pe); } if (ProgramArgs.ContainsKey("-imports")) { DumpImports(Pe); } if (ProgramArgs.ContainsKey("-exports")) { DumpExports(Pe); } }
public NtApiSet() { Schema = Phlib.GetApiSetSchema(); }
// default search order : // https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx // // if (SafeDllSearchMode) { // -1. Sxs manifests // 0. KnownDlls list // 1. Loaded PE folder // 2. C:\Windows\(System32 | SysWow64 ) // 3. 16-bit system directory <-- ignored // 4. C:\Windows // 5. %pwd% // 6. AppDatas // } public static Tuple <ModuleSearchStrategy, string> FindPeFromDefault(PE RootPe, string ModuleName, SxsEntries SxsCache, List <string> CustomSearchFolders, string WorkingDirectory) { bool Wow64Dll = RootPe.IsWow64Dll(); string RootPeFolder = Path.GetDirectoryName(RootPe.Filepath); string FoundPePath = null; Environment.SpecialFolder WindowsSystemFolder = (Wow64Dll) ? Environment.SpecialFolder.SystemX86 : Environment.SpecialFolder.System; String WindowsSystemFolderPath = Environment.GetFolderPath(WindowsSystemFolder); // -1. Look in Sxs manifest (copious reversing needed) // TODO : find dll search order if (SxsCache.Count != 0) { SxsEntry Entry = SxsCache.Find(SxsItem => string.Equals(SxsItem.Name, ModuleName, StringComparison.OrdinalIgnoreCase) ); if (Entry != null) { return(new Tuple <ModuleSearchStrategy, string>(ModuleSearchStrategy.SxS, Entry.Path)); } } // 0. Look in well-known dlls list // HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs // https://blogs.msdn.microsoft.com/larryosterman/2004/07/19/what-are-known-dlls-anyway/ String KnownDll = Phlib.GetKnownDlls(Wow64Dll).Find(x => string.Equals(x, ModuleName, StringComparison.OrdinalIgnoreCase)); if (KnownDll != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.WellKnownDlls, Path.Combine(WindowsSystemFolderPath, KnownDll) )); } // 1. Look in application folder FoundPePath = FindPeFromPath(ModuleName, new List <string>(new string[] { RootPeFolder }), Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.ApplicationDirectory, FoundPePath )); } // {2-3-4}. Look in system folders List <String> SystemFolders = new List <string>(new string[] { WindowsSystemFolderPath, Environment.GetFolderPath(Environment.SpecialFolder.Windows) } ); FoundPePath = FindPeFromPath(ModuleName, SystemFolders, Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.WindowsFolder, FoundPePath )); } // 5. Look in current directory // Ignored for the time being since we can't know from // where the exe is run // TODO : Add a user supplied path emulating %cwd% FoundPePath = FindPeFromPath(ModuleName, new List <string>(new string[] { WorkingDirectory }), Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.WorkingDirectory, FoundPePath )); } // 6. Look in local app data (check for python for exemple) // 7. Find in PATH string PATH = Environment.GetEnvironmentVariable("PATH"); List <String> PATHFolders = new List <string>(PATH.Split(';')); // Filter out empty paths, since it resolve to the current working directory // fix https://github.com/lucasg/Dependencies/issues/51 PATHFolders = PATHFolders.Where(path => path.Length != 0).ToList(); FoundPePath = FindPeFromPath(ModuleName, PATHFolders, Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.Environment, FoundPePath )); } // 8. Check if it's an absolute import if ((Path.GetFullPath(ModuleName) == ModuleName) && File.Exists(ModuleName)) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.Fullpath, ModuleName )); } // 0xff. Allow the user to supply custom search folders, to take into account // specific cases. FoundPePath = FindPeFromPath(ModuleName, CustomSearchFolders, Wow64Dll); if (FoundPePath != null) { return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.UserDefined, FoundPePath )); } return(new Tuple <ModuleSearchStrategy, string>( ModuleSearchStrategy.NOT_FOUND, null )); }
static void Main(string[] args) { // always the first call to make Phlib.InitializePhLib(); int recursion_depth = 0; bool early_exit = false; bool show_help = false; bool export_as_json = false; bool use_bin_cache = false; DumpCommand command = null; OptionSet opts = new OptionSet() { { "h|help", "show this message and exit", v => show_help = v != null }, { "json", "Export results in json format", v => export_as_json = v != null }, { "cache", "load and use binary cache to prevent dll file locking", v => use_bin_cache = v != null }, { "d|depth=", "limit recursion depth when analysing loaded modules or dependency chain. Default value is infinite", (int v) => recursion_depth = v }, { "knowndll", "List all known dlls", v => { DumpKnownDlls(GetObjectPrinter(export_as_json)); early_exit = true; } }, { "apisets", "List apisets redirections", v => { DumpApiSets(GetObjectPrinter(export_as_json)); early_exit = true; } }, { "apisetsdll", "List apisets redirections from apisetschema <FILE>", v => command = DumpApiSets }, { "manifest", "show manifest information embedded in <FILE>", v => command = DumpManifest }, { "sxsentries", "dump all of <FILE>'s sxs dependencies", v => command = DumpSxsEntries }, { "imports", "dump <FILE> imports", v => command = DumpImports }, { "exports", "dump <FILE> exports", v => command = DumpExports }, { "assemblyrefs", "dump <FILE> assemblyrefs", v => command = DumpAssemblyReferences }, { "modulerefs", "dump <FILE> modulerefs", v => command = DumpModuleReferences }, { "chain", "dump <FILE> whole dependency chain", v => command = DumpDependencyChain }, { "modules", "dump <FILE> resolved modules", v => command = DumpModules }, }; List <string> eps = opts.Parse(args); if (early_exit) { return; } if ((show_help) || (args.Length == 0) || (command == null)) { DumpUsage(); return; } BinaryCache.InitializeBinaryCache(use_bin_cache); if (eps.Count == 0) { Console.Error.WriteLine("[x] Command {0:s} needs to have a PE <FILE> argument", command.Method.Name); Console.Error.WriteLine(""); DumpUsage(); return; } String FileName = eps[0]; if (!NativeFile.Exists(FileName)) { Console.Error.WriteLine("[x] Could not find file {0:s} on disk", FileName); return; } Debug.WriteLine("[-] Loading file {0:s} ", FileName); PE Pe = new PE(FileName); if (!Pe.Load()) { Console.Error.WriteLine("[x] Could not load file {0:s} as a PE", FileName); return; } command(Pe, GetObjectPrinter(export_as_json), recursion_depth); }